Articles about Security

The US has made no secret of the fact it does not trust Huawei, and the company's hardware has been shunned by the government over fears about Chinese espionage. There have also been calls for Huawei hardware to be barred from the US power grid.

The smartphone manufacturer has previously indicated that it is not willing to go down without a fight, and this threat could be about to be put into action. Huawei is said to be preparing to sue the US government, challenging last year's addition to the US National Defense Authorization Act (NDAA), according to sources talking to the New York Times.

Continue reading →

With every passing year, cybercrime gets worse. It makes sense: it’s lucrative. Cybercrime is estimated to be a $1.5 trillion industry, with some countries now basing their economy around cybercrime. As a result, cybercriminals are now emboldened with new technology that makes data breach attacks easier and more accessible.

With all of that in mind, you may be wondering whether your business, in particular, is likely to suffer an attack. And even though you may have seen some statistics, the answer is a little more complicated than it seems. Here are some important cybersecurity statistics that can shed some light on what you can expect in 2019.

Continue reading →

Privileged accounts are a necessity in all enterprise IT environments. Administrators must have enhanced privileges to manage the environment. Unfortunately, these privileged accounts bring high risk to a company’s network; in fact, recent research shows that almost half (44 percent) of all security breaches that happened in 2017 involved privileged account access.

There are a number of reasons these privileged accounts bring such high risk with them. For example, something so simple as a password reset can mistakenly grant a user full administrative rights that can be misused either intentionally or accidentally. These accounts are also inherently difficult to manage due to the high volume of users and systems that need access to the same credentials, making it difficult to keep the credentials secure. Luckily, there are some concrete, critical steps that an organization can take to ensure risk on its network is minimized and protected from privileged account misuse.

Continue reading →

Facebook has been encouraging users to enable two-factor authentication to boost the security of their accounts, but it turns out that there's a slightly sinister side to this feature.

You may well have opted to maintain an element of privacy by omitting personal information such as your address and phone number from your profile. But if you've used your mobile number to secure your account with 2FA, even if it is not visible to others, it can still be used to search for you -- and there is no way to opt out of this.

Continue reading →

iPhones are renown for their security -- to the point that even law enforcement agencies have trouble accessing their contents. An Israeli firm, Cellebrite, became well-known when it transpired that hacking tools it made were used by the US government to crack locked iPhones… and now its hacking tools are available to buy on eBay.

For as little as $100-$1000, you can get your hands on a second-hand piece of Cellebrite equipment (a fraction of its usual selling price). For just a few Benjamins, you could get a Cellebrite UFED (Universal Forensic Extraction Device) and use it for whatever you might fancy.

Continue reading →

We recently reported on how formjacking has become a popular and lucrative form of online fraud. It’s difficult for the consumer to detect which makes it a particular hazard.

But in the UK the new Open Banking standard, aimed at making it easier for consumers to share financial data across organizations, could make formjacking and other frauds obsolete. We spoke to Luca Martinetti, CTO and co-founder of financial API provider TrueLayer  to find out more

Continue reading →

Despite the fact that in recent months we've seen cybercriminals focusing their efforts on businesses, 68 percent of infections are seen on consumer endpoints, compared to 32 percent on business endpoints.

This is one of the findings of the latest Webroot Threat Report, which also shows that legitimate websites are frequently compromised to host malicious content, with 40 percent of malicious URLs hosted on good domains.

Continue reading →

If you've ever tried to book tickets for a concert, festival or event you will know that it can be something of a frustrating experience, and bots could be making it even more so.

New research from Distil Networks finds 39.9 percent of traffic on ticketing sites comes from bots used by brokers, scalpers, hospitality agencies, and sundry criminals to execute a number of attacks, including denial of inventory, spinning and scalping, scraping seat map inventory, fan account takeover, and fraud.

Continue reading →

A new study reveals that 87 percent of cybersecurity professionals believe separating privileged environments from corporate, internet-exposed environments is highly critical for protecting sensitive information.

But the Privileged Access Workstations (PAW) survey carried out by Cybersecurity Insiders for endpoint security company Hysolate also finds that time-consuming access processes and the inability to install apps, browse the web or plug in external devices, are key implementation roadblocks.

Continue reading →

Security researchers from Dojo by Bullguard have discovered a vulnerability in Amazon's Ring doorbell that leaves it prone to man-in-the-middle attacks.

As well as enabling a hacker to access audio and video feeds in a severe violation of both privacy and security, the vulnerability also means that an attacker could replace a feed with footage of their own. Revealing the security flaw at Mobile World Congress, Yossi Atias from Dojo, demonstrated how a feed could be hijacked and injected with counterfeit video.

Continue reading →

Thanks to the huge volume of stolen credentials now available online, credential stuffing has become a major issue for the retail industry.

A new report from edge platform specialist Akamai shows that hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year.

Continue reading →

It's useful for security and risk leaders to know their industry's security performance standards and be able to perform peer and sector-wide security benchmarking. But the information to be able to do that isn't always easily available.

Security ratings company BitSight is launching a new Peer Analytics feature on its platform that allows the comparison of security performance across global organizations.

Continue reading →

Multi-factor authentication specialist Veridium is launching a new behavior analytics feature to better protect user identities and prevent malicious activity.

Incorporated in the VeridiumID authentication platform, InMotion increases the reliability of all native biometrics for authentication by pairing behavioral data captured on smartphones with users' biometrics, making it more difficult for malicious actors to spoof their fingerprints or faces to gain access to accounts.

Continue reading →

New research into consumer trust and spending habits by contact center payment security company PCI Pal shows 62 percent of Americans report that they will stop spending with a brand for several months following a hack or breach, versus 44 percent of Brits.

But when the British do react they do so for the long term, 41 percent of British consumers never return to a brand after a hack compared to only 21 percent of Americans.

Continue reading →

Cloud-based business initiatives are accelerating faster than security organizations' ability to secure them according to 60 percent of respondents to a new survey.

The study by network security company FireMon also finds that in many cases security personnel are not even included in cloud business initiatives.

Continue reading →